HSBC UK Bank plc. (‘HSBC UK’, ‘we’, ‘our’ and ‘us’) collects, uses and shares information about you so that we can provide you with a bank account and related services. This App Privacy Notice explains how we collect, use and share your information when you use our app, including information about the device that the app is installed on, for example, your mobile phone or tablet. You can find full information in our main privacy notice. This app is provided by HSBC Global Services (UK) Limited for us and on our behalf but all products and services accessed via this app are provided by HSBC, HSBC group companies or selected partners.
For further information on anything related to this App Privacy Notice, or to contact our Data Protection Officer (DPO), you can write to Customer Service Centre, BX8 1HB addressed ‘For the attention of the DPO’. To exercise your privacy rights, you can write to Customer Service Centre, BX8 1HB addressed ‘For Rights of Individuals Fulfilment (ROIF)’. Alternatively, you can contact us using our HSBC UK Mobile Banking app where you can chat with us 24/7, via telephone banking or in branch.
We use a range of measures to keep your information safe and secure, which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and apply appropriate measures for the use and transfer of information.
We may share your information with other HSBC group companies and any sub-contractors, agents or service providers who work for us or other HSBC group companies (including their employees, sub-contractors, service providers, directors and officers) to provide you with products or services that you ask for (such as bank accounts and payments).
We’ll keep your information in line with our data retention policy. For example, we’ll normally save your main banking information for a period of 7 years from the time our relationship ends with you. This allows us to comply with legal and regulatory requirements or use it for legitimate purposes, such as managing your account and dealing with any disputes or concerns that may arise. We may need to keep your information for longer if we need the information to comply with regulatory or legal requirements, detect or prevent fraud and financial crime, answer requests from regulators etc. If there is no need for us to keep the information for this length of time, we may destroy, delete or anonymise it sooner.
The list below explains what information we collect from your device, how we use it and whether we share it. In some cases, we’ll seek your permission.
Permission for devices:
- Camera: Allows you to take a photo of a cheque and deposit it using the HSBC UK Mobile Banking app. Also allows you to scan a QR code and use the app on up to 3 devices
- Contact details: Allows you to make transactions to your saved contacts
- Location: Allows us to detect your location and prevent fraud when you’re using the HSBC UK Mobile Banking app
- Microphone: Allows you to send recorded voice messages when you’re chatting with us
- Phone numbers: Allows you to share the phone number that is registered with your HSBC UK account
- Device information and internet access: Allows us check if you have a working internet connection
- Messaging: Allows us to enable your phone’s vibration so that you’re notified when you receive any chat message from us
- Push messages: Allows us to inform that you’ve received a chat message and send you transaction notifications from HSBC UK
- Speech Recognition: Allows us to convert spoken language into text in mobile chat
Permission specific to iOS devices:
- Photos: Allows us to access your photos so that we can help you make a transaction using QR code
- Biometric information: Allows you to use your biometric credentials, such as Face ID or Touch ID, to log on
- App tracking transparency: Allows you to grant us the permission to track your activities across other companies’ apps and websites (versions 14.0 and above)
Permission specific to Android devices:
- External storage device (for example memory card): Allows HSBC UK to save files, such as statements, on your device's external storage so that you can view or send them
- Biometric information: Allows you to use your biometric credential, such as fingerprint recognition, to log on
- Application permission: Allows Google Play Store to keep a record from where you downloaded the HSBC UK Mobile Banking app
- High sampling rate sensors: Allows us to check any unusual or suspicious activity on your device to prevent payment scams and fraudulent activities
- Application information: Allows us to collect information about applications installed on your device to check whether you might have risky applications on it. This helps us protect you and us from financial crime.
- Bluetooth connect: Allows us to detect the types and number of devices connected to your phone/tablet via Bluetooth because fraudsters can use it to monitor or control your device(s). This helps us to detect and prevent fraud.
- Read phone state: Allows us to know if you are on a call while using the app. This helps us to detect and prevent fraud.
Cookies:
We use the following tools to collect information about your device and the way you use it online.
- Transmit Security - Helps make sure your logon and authentication are more secure
- Tealium (tag manager) - Allows us to manage cookies based on your preferences
- AppDynamics - Helps track app performance so that it can keep running smoothly
- TIS mobiFlow - Allows you to deposit cheques digitally
- LivePerson – Allows us to provide chat support and messaging services
- Google Pay - Allows you to make payments using your Google Pay app
- Brightcove - Allows us to play videos on our app and also helps track the performance of your device
- Creative Virtual - Allows us to ensure that you’re using the correct server for our virtual assistant to work properly
- Google (reCAPTCHA) – Allows us to validate that the interaction with our app is being performed by a human rather than an automated system or 'bot', for security purposes
- BioCatch - Allows us to check unusual or suspicious activity on your device, such as malware, so that we can prevent payment scams and fraudulent activities
- ThreatMetrix - Allows us to protect you against fraud by identifying if there are any malware or risky software installed on your device
- Vasco DigiPass - Allows us to detect and prevent fraudulent activities on our app
- Qualtrics – Allows us to provide questionnaires to you or enable you to provide feedback using surveys
- Optimizely and (AudienceStream/EventStream) - Allows us to deliver personalised content in various forms across our apps
- Tealium AudienceStream – Allows us to collect data about how you use this app, in order to create profiles based on your behaviour, and also to measure the performance of our digital advertising
- Tealium EventStream - Allows us to collect data to understand how you use our app and to personalise our app and other services
- Contentsquare – Allows us to improve your digital experience when you’re using our app
- Celebrus – Allows personalised content delivery across apps and identifies behaviours that may represent an increased risk of fraud and provide associated warnings